Example 51 with AccessDeniedException

Use of org.springframework.security.access.AccessDeniedException in project spring-security by spring-projects.

The class ChannelSecurityInterceptorTests, method preSendDeny.

@Test(expected = AccessDeniedException.class)
public void preSendDeny() throws Exception {
    when(source.getAttributes(message)).thenReturn(attrs);
    // The AccessDecisionManager denies the message, so preSend must propagate AccessDeniedException
    doThrow(new AccessDeniedException("")).when(accessDecisionManager).decide(any(Authentication.class), eq(message), eq(attrs));
    interceptor.preSend(message, channel);
}
Also used : AccessDeniedException(org.springframework.security.access.AccessDeniedException) Authentication(org.springframework.security.core.Authentication) Test(org.junit.Test)

Example 52 with AccessDeniedException

Use of org.springframework.security.access.AccessDeniedException in project spring-security by spring-projects.

The class DefaultWebInvocationPrivilegeEvaluatorTests, method deniesAccessIfAccessDecisionManagerDoes.

@SuppressWarnings("unchecked")
@Test
public void deniesAccessIfAccessDecisionManagerDoes() throws Exception {
    Authentication token = new TestingAuthenticationToken("test", "Password", "MOCK_INDEX");
    DefaultWebInvocationPrivilegeEvaluator wipe = new DefaultWebInvocationPrivilegeEvaluator(interceptor);
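    // A denial from the AccessDecisionManager must surface as isAllowed(...) == false, not as a thrown exception
    doThrow(new AccessDeniedException("")).when(adm).decide(any(Authentication.class), anyObject(), anyList());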
    assertThat(wipe.isAllowed("/foo/index.jsp", token)).isFalse();
}
Also used : AccessDeniedException(org.springframework.security.access.AccessDeniedException) Authentication(org.springframework.security.core.Authentication) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Test(org.junit.Test)

Example 53 with AccessDeniedException

Use of org.springframework.security.access.AccessDeniedException in project spring-security by spring-projects.

The class DelegatingAccessDeniedHandlerTests, method matchesDoesNotInvokeDefault.

@Test
public void matchesDoesNotInvokeDefault() throws Exception {
    handlers.put(InvalidCsrfTokenException.class, handler1);
    handlers.put(MissingCsrfTokenException.class, handler2);
    handler = new DelegatingAccessDeniedHandler(handlers, handler3);
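    // MissingCsrfTokenException is mapped to handler2, so only handler2 may run; handler1 and the default (handler3) must not
    AccessDeniedException accessDeniedException = new MissingCsrfTokenException("123");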
    handler.handle(request, response, accessDeniedException);
    verify(handler1, never()).handle(any(HttpServletRequest.class), any(HttpServletResponse.class), any(AccessDeniedException.class));
    verify(handler2).handle(request, response, accessDeniedException);
    verify(handler3, never()).handle(any(HttpServletRequest.class), any(HttpServletResponse.class), any(AccessDeniedException.class));
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) AccessDeniedException(org.springframework.security.access.AccessDeniedException) MissingCsrfTokenException(org.springframework.security.web.csrf.MissingCsrfTokenException) HttpServletResponse(javax.servlet.http.HttpServletResponse) Test(org.junit.Test)

Example 54 with AccessDeniedException

Use of org.springframework.security.access.AccessDeniedException in project spring-security by spring-projects.

The class DelegatingAccessDeniedHandlerTests, method moreSpecificDoesNotInvokeLessSpecific.

@Test
public void moreSpecificDoesNotInvokeLessSpecific() throws Exception {
    handlers.put(CsrfException.class, handler1);
    handler = new DelegatingAccessDeniedHandler(handlers, handler3);
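    // A plain AccessDeniedException is not a CsrfException, so the CsrfException handler must not match and the default (handler3) runs
    AccessDeniedException accessDeniedException = new AccessDeniedException("");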
    handler.handle(request, response, accessDeniedException);
    verify(handler1, never()).handle(any(HttpServletRequest.class), any(HttpServletResponse.class), any(AccessDeniedException.class));
    verify(handler3).handle(request, response, accessDeniedException);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) AccessDeniedException(org.springframework.security.access.AccessDeniedException) HttpServletResponse(javax.servlet.http.HttpServletResponse) Test(org.junit.Test)

Example 55 with AccessDeniedException

Use of org.springframework.security.access.AccessDeniedException in project spring-security by spring-projects.

The class ExceptionTranslationFilterTests, method testAccessDeniedWithRememberMe.

@Test
public void testAccessDeniedWithRememberMe() throws Exception {
    // Setup our HTTP request
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setServletPath("/secure/page.html");
    request.setServerPort(80);
    request.setScheme("http");
    request.setServerName("www.example.com");
    request.setContextPath("/mycontext");
    request.setRequestURI("/mycontext/secure/page.html");
    // Set up the FilterChain to throw an access denied exception
    FilterChain fc = mock(FilterChain.class);
    doThrow(new AccessDeniedException("")).when(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
    // Setup SecurityContextHolder, as filter needs to check if user is remembered
    SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
    securityContext.setAuthentication(new RememberMeAuthenticationToken("ignored", "ignored", AuthorityUtils.createAuthorityList("IGNORED")));
    SecurityContextHolder.setContext(securityContext);
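    // Test: a remember-me token is not full authentication, so the denial is sent to the entry point (login redirect) and the original request is saved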
    ExceptionTranslationFilter filter = new ExceptionTranslationFilter(mockEntryPoint);
    MockHttpServletResponse response = new MockHttpServletResponse();
    filter.doFilter(request, response, fc);
    assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/login.jsp");
    assertThat(getSavedRequestUrl(request)).isEqualTo("http://www.example.com/mycontext/secure/page.html");
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) AccessDeniedException(org.springframework.security.access.AccessDeniedException) FilterChain(javax.servlet.FilterChain) SecurityContext(org.springframework.security.core.context.SecurityContext) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) HttpServletResponse(javax.servlet.http.HttpServletResponse) RememberMeAuthenticationToken(org.springframework.security.authentication.RememberMeAuthenticationToken) Test(org.junit.Test)
